ASF Bugzilla – Attachment 29882 Details for
Bug 54468
Restore FIPS operation when compiled against OpenSSL 1.0.1c
[patch]
Patch to replace MD5 with an EVP implementation of SHA1
fips_permitted_contextid.patch (text/plain), 3.72 KB, created by
William A. Rowe Jr.
on 2013-01-22 16:57:32 UTC
Description:
Patch to replace MD5 with an EVP implementation of SHA1
Filename:
MIME Type:
Creator:
William A. Rowe Jr.
Created:
2013-01-22 16:57:32 UTC
Size:
3.72 KB
>Index: include/ssl_private.h
>===================================================================
>--- include/ssl_private.h (revision 7448)
>+++ include/ssl_private.h (working copy)
>@@ -49,7 +49,6 @@
> #include <openssl/evp.h>
> #include <openssl/rand.h>
> #include <openssl/x509v3.h>
>-#include <openssl/md5.h>
> /* Avoid tripping over an engine build installed globally and detected
> * when the user points at an explicit non-engine flavor of OpenSSL
> */
>@@ -234,7 +233,7 @@
> BIO *bio_os;
> BIO *bio_is;
>
>- unsigned char context_id[MD5_DIGEST_LENGTH];
>+ unsigned char context_id[SHA_DIGEST_LENGTH];
>
> int protocol;
> /* we are one or the other */
>@@ -309,7 +308,6 @@
> RSA *SSL_callback_tmp_RSA(SSL *, int, int);
> DH *SSL_callback_tmp_DH(SSL *, int, int);
> void SSL_callback_handshake(const SSL *, int, int);
>-void SSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
> int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
> int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
> int SSL_rand_seed(const char *file);
>Index: src/sslcontext.c
>===================================================================
>--- src/sslcontext.c (revision 7448)
>+++ src/sslcontext.c (working copy)
>@@ -147,9 +147,9 @@
> #endif
> /* Default session context id and cache size */
> SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
>- MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
>- (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
>- &(c->context_id[0]));
>+ EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
>+ (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
>+ &(c->context_id[0]), NULL, EVP_sha1(), NULL);
> if (mode) {
> SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
> SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
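Review bot: `SHA_DIGEST_LENGTH` in the new `context_id` declaration comes from `<openssl/sha.h>`, but the patch removes `<openssl/md5.h>` without adding that header; the includes visible in the first hunk are evp.h, rand.h and x509v3.h, so the build appears to depend on a transitive include. Adding `#include <openssl/sha.h>` in place of the removed line would make the dependency explicit. A short comment on the field, such as `/* SHA-1 of the context id string, passed to SSL_set_session_id_context() */`, would record why the array has this length. The enclosing struct starts and ends outside the hunk.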
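Review bot: The result of `EVP_Digest()` is discarded in the added call that hashes `SSL_DEFAULT_VHOST_NAME`, so if the digest fails (the situation this FIPS change is meant to remove) `c->context_id` keeps whatever it held before, and the sslnetwork.c hunk then hands all `sizeof(ctx->context_id)` bytes to `SSL_set_session_id_context()`. The session-id context is what separates cached sessions between contexts, so it should not silently fall back to an unset value. Test the call, e.g. `if (EVP_Digest(..., &(c->context_id[0]), NULL, EVP_sha1(), NULL) != 1)`, and take the function's error path; the same applies to the `J2S(id)` call in the `@@ -195,9` hunk. The length parameter of `EVP_Digest()` is a `size_t`, so the `(unsigned long)` casts carried over from `MD5()` can be dropped. The enclosing function starts and ends outside the hunk.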
>@@ -195,9 +195,9 @@
> TCN_ASSERT(ctx != 0);
> UNREFERENCED(o);
> if (J2S(id)) {
>- MD5((const unsigned char *)J2S(id),
>- (unsigned long)strlen(J2S(id)),
>- &(c->context_id[0]));
>+ EVP_Digest((const unsigned char *)J2S(id),
>+ (unsigned long)strlen(J2S(id)),
>+ &(c->context_id[0]), NULL, EVP_sha1(), NULL);
> }
> TCN_FREE_CSTRING(id);
> }
>Index: src/sslnetwork.c
>===================================================================
>--- src/sslnetwork.c (revision 7448)
>+++ src/sslnetwork.c (working copy)
>@@ -151,7 +151,7 @@
> SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
> SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH);
> SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
>- MD5_DIGEST_LENGTH);
>+ sizeof(ctx->context_id));
> }
> SSL_set_verify_result(ssl, X509_V_OK);
> SSL_rand_seed(ctx->rand_file);
>Index: src/sslutils.c
>===================================================================
>--- src/sslutils.c (revision 7448)
>+++ src/sslutils.c (working copy)
>@@ -404,25 +404,6 @@
> return (DH *)SSL_temp_keys[idx];
> }
>
>-void SSL_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
>-{
>- MD5_CTX c;
>- MD5_Init(&c);
>- MD5_Update(&c, vhost_id, MD5_DIGEST_LENGTH);
>- switch (algo) {
>- case SSL_ALGO_UNKNOWN:
>- MD5_Update(&c, "UNKNOWN", 7);
>- break;
>- case SSL_ALGO_RSA:
>- MD5_Update(&c, "RSA", 3);
>- break;
>- case SSL_ALGO_DSA:
>- MD5_Update(&c, "DSA", 3);
>- break;
>- }
>- MD5_Final(md, &c);
>-}
>-
> /*
> * Read a file that optionally contains the server certificate in PEM
> * format, possibly followed by a sequence of CA certificates that